2022-12-19 - Version 2

Zero Trust Guidance Rewrites US Cyber Strategy

“Our adversaries our in our networks, exfiltrating our data, and exploiting the Department’s users.”

So reads the humbling introduction to zero trust guidance recently released by the Department of Defense (DoD). It acknowledges in the very first line that cybersecurity has failed on almost every front. Then it makes a complete commitment to zero trust as the solution.

Many were waiting on this guidance and wondering what, exactly, it would entail. It comes following an order from the Biden administration 18 months ago to strengthen America’s cybersecurity in a big way. Many changes and long-overdue improvements have come out of that order. But by far the most significant is a commitment on the part of all federal agencies to adopt a complete zero-trust posture by 2027.

We now have a road map for how the government plans to get there. I will cover that shortly. Before that, let me highlight a few reasons I think the latest guidance (and the strategy that prompted it) are worth paying attention to.

First, that strategy will form the backbone of U.S. cybersecurity, which in turn will play a critical role – or may even be the cornerstone – of continued national security. Cyber attacks will be the most accessible, most common, and most devastating kinds of attacks in the future, so how countries defend themselves against this massive risk really matters. I have been writing about national cyber defenses from a few lenses recently. What makes the US approach unique, from my perspective, is the insistence on not just applying a cyber strategy consistently across all agencies but focusing it so specifically on zero trust. Some will call it practical, even mandatory, to make zero trust the guiding principle of cybersecurity in a decentralized world. Others, however, might view it as putting too many eggs in one basket. Time will tell.

Which brings me to my second observation, which is that the US government is embarking on the biggest experiment in zero trust ever undertaken. Keep in mind that the phrase “zero trust” has barely existed for more than a decade, and few large-scale, trust-free environments are actually up and running. Despite widespread zero trust adoption across the private sector, the government is by far the biggest trailblazer on this front, and the road ahead will be illustrative for all. What will it take to eliminate trust from the whole of the federal government? And once 2027 arrives, how secure will the government really be? This test case could cement zero trust as the centerpiece of cybersecurity moving forward – or it could reveal zero trust to be just the latest flawed fad. I suspect the answer will land somewhere in the middle. But unpredictability is the dominant feature of cybersecurity, so who knows what will happen? It will be important no matter what.

The Next Five Years in Zero Trust

A 2027 deadline to standardize zero trust across all federal agencies creates a lot of work to finish in a short five years. To its credit, the DoD seems to be fully aware of that fact because the roadmap is systematic and comprehensive to an extreme degree. Since there are so many different agencies with so many levels of cyber maturity – along with existing zero trust deployments – the guidance aims (and largely succeeds) at being accessible and universal. Which is a bonus for the private sector because companies can then easily adopt the government’s zero trust strategy as their own.

The roadmap has four distinct goals:

Zero Trust Cultural Adoption – Everyone in the DoD understands and commits to zero trust principles (trust nothing, verify everything, encrypt automatically, segment risks etc).
DoD Information Systems Secured & Defended – All new and legacy systems follow the DoD zero trust framework and put prescribed capabilities in place. Further guidance on this is forthcoming.
Technology Acceleration – The DoD and its vendors get faster at scaling, innovating, or replacing new technologies as new threats and new tools emerge in the coming years.
Zero Trust Enablement – The zero trust framework has the resources and support it needs to remain a robust and consistent effort.

Each of the goals has multiple objectives considered imperative for achieving the desired outcome. Overall, the DoD identifies 45 capabilities and 152 total activities required for framework compliance. I would encourage anyone to peruse the framework – it’s heavy on jargon but also a valuable visualization of how the disparate components of zero trust fit together to form a cohesive security strategy. It’s not just MFA and encryption (though the framework calls for both of those things). Perhaps more important to realize, it’s not just about security or IT either – it’s a whole new way for information to move.

As such, what the DoD has set out to do (and the timeline they have committed to) is fairly remarkable. Whether it will succeed is debatable. Whether it’s interesting, important, and impactful for everyone in America isn’t. It will be a fascinating five years.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

vRx 2022

Zero Trust: What Is It and How to Implement

Zero Trust and Data Security in Companies

Due to the surge of ransomware attacks, the increased risks for data loss, and the continuous adverse effects cybercrime poses, many organizations have adopted the zero-trust principle to harden the security of their systems, thereby increasing their cyber resiliency.

Cyberattacks have become so ubiquitous that the Biden White House issued a statement urging American business leaders to strengthen their organization’s cybersecurity measures.

As it stands, GlobeNewswire reported that zero trust security is expected to reach a market value of $29 million USD by the end of 2022 and increase to US $118.7 billion by 2032. This significant growth in the coming decade comes from the value zero trust brings companies.

The simple fact is that business leaders are following its principles, like consistent monitoring and validation, because these principles help prevent data breaches and mitigate data loss.

This post will dive into what the zero principle is, as well as its capacity to tighten workplace data and security, effectively ushering in what Microsoft calls:

A new security model that more effectively adapts to the complexity of the modern environment, embraces the hybrid workplace, and protects people, devices, apps, and data wherever they’re located.

What are the cybercrime trends that zero trust can help curb?

One trend that’s risen in recent years is ransomware. Ransomware cripples businesses by locking their computer systems until a sum of money is paid. These attacks are expected to have a price tag of $265 billion USD annually by 2031, according to Cybersecurity Ventures.

With how easy it has become for ransomware gangs to deploy ransomware on a multinational scale, businesses need to deploy enhanced cybersecurity solutions to lessen system vulnerabilities, because “when it comes to ransomware attacks, it’s a matter of when, not if.” Read more from the Keepit blog article on how to prepare for ransomware.

It should come as no surprise that ransomware attacks can result in operational downtime. A Statista report stated that the average length of interruption after ransomware attacks is 20 days.

Even minor disruptions can decrease employee productivity, impede communications with clients—among other issues such as the significant fines Marriott faced—and impact business continuity. One might struggle to fully comprehend the serious implications that 20 days of downtime would have for businesses.

Zero trust, in a nutshell, is guided by the principle of ‘never trust, always verify.’

Why Zero Trust?

Zero trust, in a nutshell, is guided by the principle of “never trust, always verify.” It’s a modern security architecture which assumes that internal and external threats exist on the network at all times due to the pervasiveness of cybercrime. And as such, it requires all network users to undergo verification and validation processes before they can access the network resources.

Is zero trust really needed?

Generally, employees within a company access multiple networks simultaneously. There are many, many data exchanges between multiple user devices, across potentially numerous networks – of course, depending on the complexity of a company’s IT infrastructure.

This architecture boosts productivity through increased collaboration. However, this can come with a hidden risk when not following the zero-trust security model.

Zero trust use cases

What might that risk look like? Let’s suppose that one employee working on a single device is validated as “trusted.” But that device has become infected with malware by the user opening a dangerous email. (Learn how to identify a dangerous email.)

Since this user’s device was previously validated and is now assumed harmless, it still has access to all the users and networks as before being infected without having to provide or verify any credentials.

The result is unrestricted access to spread malware from this “trusted” device to other users within the network and to other devices within overlapping networks, allowing the malicious actor to expand their reach and damage, gaining access to more and more of a company’s business-critical data.

This example is the main reason zero trust architecture rejects assuming any device is safe. Rather, the system reduces risks through continuous authentication, thereby enhancing protection for your company’s network system by always verifying and authenticating. According to TechTarget:

This protects your organization in ways other models can’t. It stops malware from entering your network; gives remote workers more protection without affecting productivity; simplifies management of security operations centers with enhanced automation; and extends visibility into potential threats to improve proactive remediation and response.

TechTarget

How to Adopt Zero Trust

According to a Microsoft zero trust business plan, “digital transformation forces re-examination of traditional security models.” And as such, there are many companies offering guidance. Microsoft alone has helped aid zero trust deployments in thousands of organizations with insightful (and practical) guides on how to adopt a zero-trust business plan.

Global cybersecurity leader Palo Alto Networks shares that there are three crucial steps you need to follow to deploy zero trust architecture in your business:

Define your protected surface: Zero trust architecture can be costly and complicated. As such, identify your protected surface—including components like company applications and assets— rather than focusing on a large network area.
If your business utilizes Microsoft 365, then you’ll know that documents, email, SharePoint data, and Teams chat must be secured against cyberattacks. Attackers can breach an account with access to the data or hijack your system admin, making it imperative to find a SaaS data backup solution that can maintain multiple backup copies with the needed granularity of data and metadata.
Map your data flow: Plan your business’ flow of instructions and data as this will provide you with information on overlapping networks.
For instance, where and in which formats is the data stored? If your employees utilize digital, desktop, mobile, or cloud, identify them so you can see how data is moved and shared.
Design your architecture: Essentially, the network architecture should prevent unauthorized access to individuals who aren’t part of your company.
This is especially relevant if you want to encrypt data before it moves to cloud storage devices. If you want to back up your company’s Microsoft 365 data, for instance, we offer blockchain-based encryption technology that guarantees your backups will remain immutable to ransomware threats and data loss. At Keepit, we also offer comprehensive coverage for M365 applications such as SharePoint, OneDrive, Groups and Teams, and Exchange Online.

Of course, implementation isn’t as simple as one, two, three: It involves a massive undertaking and a focused effort to implement and maintain. There are many, many other variables and considerations.

For instance, you can also adopt multi-factor authentication (MFA) and ensure use of updated devices.

MFA is especially relevant for companies who have stored their digital information on cloud computing systems. With MFA, you can prevent unauthorized users from accessing your organization’s resources.
Similarly, encourage your workforce to update their devices with the latest firmware as this typically offers security patches for known vulnerabilities.

Continuously monitor your network and device attributes. Adopting zero trust architecture can prove futile if your workers do not audit and maintain a log for monitoring network traffic.

Do I still need to get backup for my SaaS data?

Ultimately, zero trust makes it much more difficult for external threats to gain access to an organization’s business-critical data – but not impossible. It also does not protect you against internal threats nor from human errors such as accidental overwrites and accidental deletions.

Data protection best practices tell us to always have a backup. That is a fundamental responsibility for you, the data creator and customer of a SaaS service like Microsoft 365, due to the well-documented yet often misunderstood shared responsibility model. Securing an independent backup is still the best way to ensure 24/7 availability to your data.

With the offerings from specialized third-party backup and data management providers, peace of mind can be had quickly and from a cost-effective service. This is why Keepit was created: Your data, here today, here tomorrow.

Want backup now?

Learn more about Keepit’s SaaS data backup service offerings here.

If you’d like to explore more about backing up a particular SaaS workload like Microsoft 365, find the relevant Keepit blog posts below, as Keepit offers a suite of cloud SaaS data protection services:

Read our blog about why you need to back up M365
If you’re using Salesforce, read that blog article here
Why back up Active Directory (Azure) here
And for Google Workspace
Finally, read why to back up Zendesk here

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

2022 Keepit

Why adding “End of Life” to your cybersecurity vocabulary is a good idea

Life seems to be moving at a blazingly fast pace. As so does technology. Maybe even more so. Meaning, it is no wonder we sometimes feel overwhelmed and questioning whether we can keep up. Yes, it is hard to keep up with new technological advances and the threats accompanying them. But the fact is that because technology is moving so fast, that is exactly the reason to stay on top of the latest cybersecurity knowledge and solutions.
The saying “New is always better” is clearly not always true, but when it comes to securing our devices, there is some truth to it. We trust what we know, and with technology changing rapidly, we may prefer to keep on using outdated, but trusted, products. But there are a few things to consider, especially in the field of digital security. There are malicious threats we need protection from that are testing and honing exploitation techniques against software product – especially older versions.
Upgrading to new software can be a difficult decision, especially when a business has invested heavily in a particular product or funds are scarce to ensure continuity after an upgrade. Some businesses may not want to update at all. Yet sometimes the manufacturer or software provider can press the issue by bringing products to their end of life. End of Life. Also known as a product sunset, this date is a communicated conclusion to the manufacturer’s support for a product (or service) and is generally preceded by a period of limited support. In basic terms, this means that change is afoot.

What is EOL?
End of Life is a policy change, applying to platforms or products, that has reached the end of its useful life. This decision is made by the manufacturer and typically occurs many years after the software’s or hardware’s production.

EOL policies evolve with the aim of reducing the number of older product versions that demand constant attention and maintenance. Why do providers do this? To focus time and resources on newer products so that they get the attention they need to protect our customers against new arising threats. Progress cannot be stopped, but attempts are constantly made via new threats to interrupt our journey forward. ESET is here to protect progress, so instead of resisting this momentum, we should ensure we not only appreciate the new technology but also the new threats. The newer the product, the better it is adapted to protect in the current threat environment. This will allow for better protection and make for a smoother experience for our business customers.

It is very important, and we strongly advise our users, to always run the latest version of ESET products. Users should also ensure that other critical software, especially your device’s Operating System (OS), is up to date and fully supported. The status of your OS is very important as it can have many implications to core functions and security too. For example, there have recently been changes to Window´s End of Life policy. To read more click on this link.

The upgrade to the latest ESET product versions has always been at “no cost,” and that is still the case to this day; the fact that access to new product versions is included in the price of your valid license remains unchanged. In this way, updates allow users to employ the most advanced security technologies that are high performing and easy to use, all of which help make our products more effective for you. To check ESET´s End of Life policy click this link.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET 2022

‘Tis the season not to get smished!

We all hope to have some peace and quiet during the holiday season, not just in the physical world, but also in the digital one. But we got used to using our devices for ordering presents online, communicating with family through video chat, and looking for good deals online. And those are exactly the snippets of your time, that cybercriminals take advantage of.

It´s no wonder there is a surge of holiday-themed SMS phishing or smishing. According to Proofpoint research, instances of smishing doubled in 2021 in comparison to 2020 during the holiday season. Most of the texts sent during this time are related to delivery or retail messaging. Cybercriminals pray on Black Friday, Cyber Monday and other retail-important events, but also deliveries post purchase. But why exactly do they choose SMS as their threat vector?

Text messages are easier than email, since they can be short, and what´s more, text messages have a 98% open rate, and 95% of texts are opened and responded to within the first three minutes of its delivery. And what is even more, the chance of a person being cautious with a text compared to an email is much lower. The click through rate for text messages is eight times higher than email, and yet less than 35% of the population knows smishing exists.

These text messages claim to be good deals, or delivery information for a non-existent package. And since many people order not just one package from just one online store, they don’t always give it much thought as to what this particular item might be. These smishing texts contain a click-through link to a landing page attempting to steal your personal information.

So what exactly would a smishing message look like?

There are certainly some characteristics to look out for.

Unfamiliar sender – this may be an unknown or strange-looking number
Urgency – just like traditional email phishing campaigns, smishing messages urge you to act quick, or your package will be returned to sender, or the offer deal is about to end
Links – links to landing pages and sites where you are expected to enter your personal information
Requests – they may often request you to provide personal or financial details

How not to become a smishing victim?

First of all, think twice before clicking on any links and requests, is a great rule of thumb for your cybersecurity in general. But more specifically, when receiving an unknown or suspicious text message, do not click on any links, reply to the message or provide any personal information. Instead, either ignore or completely delete the message. And if you are still not sure if the message is real or not, search for the organization, government body or e-store online, contact them, and assure yourself of the legitimacy of said message

Best cybersecurity gift

To make your life easier, and this season more peaceful, give yourself the gift of cybersecurity and opt for a good mobile security solution. ESET Mobile Security aims to provide a safe environment for you to enjoy time with loved ones without worrying about your digital safety.

The solution aims to protect and secure your device from criminal activity using manipulation of users, known as social engineering, into gaining access to sensitive data such as bank account credentials, card numbers, PIN numbers, usernames and passwords.

The anti-phishing protection feature is now bolstered by a new Anti-smishing feature. This defends and warns the user against any messages containing malicious links after delivery, making sure you are protected even before opening the message and any links the message might contain.

We recommend you turn this feature on from its default off state, to ensure you are fully protected, especially during quality time with loved ones. All malicious websites, listed in our ESET malware database, will be blocked and a warning notification will be displayed informing you of the attempted attack.

ESET Mobile Security makes your Android phones and devices easy to find and harder to steal, as well as helping to protect your valuable data. ESET is already trusted by millions of users around the world to keep their data safe. ESET helps protect the Google Play store and is trusted by millions of users like you around the world, and is dedicated to the online safety and education of children and their parents. Click here to find out more.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

2022 ESET

Building an Incident Response Plan for Ransomware

Ransomware is considered one of the biggest threats to business in 2022. In this type of cyberattack, hackers block their victims’ computers and charge a ransom to unlock them.

You may be wondering: what are the basic steps of an Incident Response Plan for ransomware or what an Incident Response Plan should include? So we prepared this article.

Here are the aspects a proper response to a ransomware attack should include:

Risk Assessment
Identification of a Ransomware Attack
Defining the Scope of the Attack

Isolation of Affected Systems Elimination of Malicious Software Disclosure of the Attack Environment Recovery Incident Recovery Plan Application of Lessons Learned

Keep reading this article and learn all about it!

Basic Steps of an Incident Response Plan An Incident Response Plan involving ransomware shall cover the following steps:

Risk Assessment The first step for those who want to design an Incident Response Plan involving ransomware is to assess the risks and threats faced by the company. In this step, you should understand which types of ransomware your company is most vulnerable to and which assets and data would be most impacted. In addition, it is important to know how and to what extent your organization would be affected by a ransomware attack.

Identification of a Ransomware Attack When implementing an Incident Response Plan for ransomware, it is possible to identify an attack, taking into account there are many types of malware similar to ransomware, and the main signs of the latter are encryption and file blocking.

Defining the Scope of the Attack In an Incident Response Plan for ransomware, defining the scope of the attack is equivalent to measuring how much data and systems were affected by it. That is when you will know if the attack affected a single server, or if all your files kept in the data center or the cloud were impacted as well.

Isolation of Affected Systems The next step is to stop ransomware activities by isolating the affected systems in order to contain the attack and immediately putting the affected systems and networks offline. If this is not possible, disconnect the compromised devices or remove them from Wi-Fi to prevent ransomware infection from spreading.

Elimination of Malicious Software After containing the attack and isolating the affected systems, you must respond to the incident by eliminating malicious software and making sure the attack has been stopped. In the Incident Response Plan for ransomware, this is the time to assess the extent of the damage and check for backups to the locked files.

Disclosure of the Attack

Certain data protection laws and compliance regulations provide that attacks affecting sensitive data must be notified to authorities and persons who have had their information exposed.

So, if a ransomware attack has affected your customers’ data, be prepared to make the disclosure, according to the steps established by the regulatory bodies.

Environment Recovery

After removing the malicious software and disclosing the attack, the focus should be on restoring systems and data by using the backup to retrieve information and reinstalling the systems.

In this step, the security team must work in collaboration with the IT team, ensuring all security mechanisms are updated before reinstalling the impacted systems.

Incident Recovery Plan

If you are not prepared to restore systems and data after the attack, you will need to create an Incident Recovery Plan for ransomware.

This activity may be a bit time-consuming, but it is essential to avoid errors during recovery. In this step, you should also look for ways to recover files that were not saved in backups.

Application of Lessons Learned

Once you have recovered the data and restored your business operations, it is essential to check what has happened. Making a solid assessment of what motivated the ransomware attack will help your company not make the same mistakes and prepare employees to deal with future situations.

Relevant Statistics on Ransomware

Here are some relevant figures about ransomware attacks:
9% of Americans have been targeted by this type of attack;
Two-thirds of ransomware infections are caused by phishing emails;
Annually, ransomware attacks generate $1 billion for malicious attackers;
It is believed a ransomware attack will take place every 11 seconds by the end of 2022.
In 2020, schools and colleges were the main targets of ransomware attacks.

About senhasegura

We are senhasegura, a company widely recognized as a leader in cybersecurity. Our purpose is to provide sovereignty over sensitive data to the companies that hire us, using PAM to prevent data theft and leaks, as well as shutdowns in activities, which damage the results of corporations.

To achieve this goal, we track the lifecycle of privileged access management and use machine automation before, during, and after access.

Moreover, we automatically audit the use of privileges and privileged actions to prevent abuse, reducing cyber risks. We also bring organizations into compliance with audit criteria and standards such as HIPAA, PCI DSS, ISO 27001, and Sarbanes-Oxley.

Conclusion

In this article, you saw that:

Ransomware is a cyberattack in which hackers block their victims’ computers and charge a ransom to unlock them;
An Incident Response Plan involving ransomware must include the risk assessment, identification of the attack, definition of the scope of the attack, isolation of the affected systems, elimination of malicious software, disclosure of the attack, and recovery of the environment among its steps;
It is also critical to verify what happened after implementing the Incident Response Plan for ransomware; and
Alarming numbers reveal ransomware is one of the main cyber threats today.

Did you like our article? Then share it with someone who wants to learn more about Incident Response Plan for ransomware.